Multichain, a cross-chain bridging platform, was reportedly hit by a security breach. Following the incident, Circle froze $63 million in USDC.
Multi-attack
On July 7, security firm PeckShieldAlert reported an exploit on Multichain, resulting in approximately $126M worth of cryptos drained from the bridge. With this incident, Multichain joined the list of the top 6 cross-chain bridge exploits during 2021-2023.
The exploit has affected assets on Fantom, Moonriver, and Dogechain.
As reported on Fantom, the breach compromised assets, including DAI, LINK, and USDT, with a total value of $20 million. Additionally, the breach involved the transfer of 1,023 wBTC ($30.9 million), 7,124 wETH ($13.6 million), and 57 million USDC.
Assets on the Moonriver chain were also impacted, with approximately $6.8 million worth of assets, including wBTC, USDT, USDC, and DAI, compromised. Finally, the breach led to the unauthorized transfer of $600,000 USDC on the Dogechain.
Loki Zeng, a crypto analyst and former researcher at Huobi Ventures, shed light on the critical factors behind the recent breach. Zeng highlighted that the transferor had sufficient time to execute the exploit successfully.
Taking advantage of the technical characteristics of Multi-Party Computation (MPC), it is believed that the transferor managed to gain complete control over private key shards, surpassing the threshold requirement.
According to Zeng’s analysis, the attack method was incredibly straightforward, with no contracts or complex mechanisms. This suggests that the perpetrator may not have been a professional hacker.
In the attacks on other cross-chain bridges, hackers tended to launder stolen funds through Tornado Cash.
However, the Multichain attacker did not take further actions to dispose of or realize the compromised assets. It is possible that the operator responsible for managing the assets did not possess absolute decision-making authority, the analyst suggested.
Following the incident, the Curve Finance platform has warned users to stop using tokens issued by Multichain. Later on the day, Multichain issued a notice of operation halting, suggesting users refrain from using its services.
To wit,
“The Multichain service has currently stopped, and all bridge transactions will remain stuck on the source chains. There is no confirmed resumption time. Please refrain from using the Multichain bridging service for now.”
USDC issuer Circle has taken quick action following a potential security breach. Three wallet addresses tied to the alarming transfers have been blacklisted. $63 million in USDC has also been frozen, PeckShield reported.
MULTI Price Plummets
Multichain token (MULTI) has faced ongoing struggles, with its price persistently trending downward, currently hovering around $2.8, according to on-chain data. This downtrend follows a significant drop of 50% within a month at the end of May.
The decline can be attributed to disruptions in Multichain’s cross-chain bridges and the absence of CEO Zhao Jun, who is reportedly under investigation and suspected of the arrest.
Simultaneously, Binance, one of the leading cryptocurrency exchanges, temporarily suspended token deposits via the bridge associated with the troubled Multichain project.
This suspension has affected multiple pairs, including POLS-BSC, ACH-BSC, BIFI-FTM, SUPER-BSC, AVA-ETH, SPELL-AVAXC, ALPACA-FTM, FTM-ETH, FARM-BSC, and DEXE-BSC.
The impact of Multichain’s cross-chain bridge disruption has reverberated significantly throughout the Fantom network.
On June 5, Multichain announced the reopening of the troubled bridges, aiming to restore functionality and alleviate concerns.
On July 7, Binance suspended support for deposits and withdrawals of select tokens via Multichain’s cross-chain bridges, further underscoring the obstacles faced by Multichain.
There have been recent breaches that made people question the security standards for cross-chain operations. One example is Poly Network, a cross-chain platform that experienced an attack where the attacker minted 57 different tokens on 10 separate blockchains.